Appl. No. 09/661,637 

Amdt. Dated June 19, 2007 

Reply to Office Action of February 8, 2007 



Amendments to the Claims: 

Please amend claims 1, 3, 4, 6, 8, 9, 11, 13, 14 and 16-18, without prejudice. 
Please add new claims 19-27. 

This listing of claims will replace all prior versions, and listings of claims in the 
application: 

Listing of Claims: 

1. (Currently Amended) A method of delivering security services, comprising: 

connecting a plurality of processors in a ring configuration within a first 
processing system network device at a first point-of-presence of a service 
provider network ; 

establishing a secure connection between a second processing system 
network device at a second point-of-presence of the service provider network and 
the first processing system network device across an internet protocol (IP) 
connection to form a tunnel; [[and]] 

routing messages from the second processing system network device via 
the first processing system network device; and , wherein routing includes 

providing customized application layer services for a customer plurality of 
customers using at least one processor selected from the plurality of processors in 
the first processing system's ring configuration of the first network device . 

2. (Original) The method of claim 1, wherein, to support a communications 
network, the plurality of processors includes one or more control processors, one or 
more access processors, and one or more processing processors. 

3. (Currently Amended) The method of claim 2, wherein for each of [[a]] the 
plurality of customers, a virtual router is formed in the first processing system network 
device and is operably connected to a virtual router formed in the second system 
network device. 

4. (Currently Amended) The method of claim 2, wherein for each of [[a]] the
plurality of customers, a virtual private network is formed using a virtual router formed 
in the first processing system network device and operably connected to a virtual router 
formed in the second system network device . 

5. (Original) The method of claim 2, wherein the connecting a plurality of 
processors in the ring configuration includes forming dual counter rotating ring 
connections, each connecting to each of the plurality of processors. 

6. (Currently Amended) A system of delivering security services, comprising: 

a plurality of processors in a ring configuration within a first service 
processing system switch ; and 

means for establishing a secure connection between the first service 
processing system switch across an internet protocol (IP) connection to a second 
service processing system switch to form a tunnel, and for providing both router 
services and customized application layer services for a plurality of customers of 
a service provider via one or more processors of the first service processing 
system for a customer switch using the second service processing system switch . 

7. (Previously Presented) The system of claim 6, wherein, to support a 
communications network, the plurality of processors includes one or more control 
processors, one or more access processors, and one or more processing processors. 

8. (Currently Amended) The system of claim 7, wherein for each of [[a]] the 
plurality of customers, a virtual router is formed in the first service processing system 
switch and is operably connected to a virtual router formed in the second service 
processing switch system . 

9. (Currently Amended) The system of claim 7, wherein for each of [[a]] the 
plurality of customers, a virtual private network is formed using a virtual router formed 
in the first service processing system switch and operably connected to a virtual router 
formed in the second service processing switch system . 

10. (Original) The system of claim 7, wherein the plurality of processors in the
ring configuration includes dual counter rotating ring connections, each connecting to 
each of the plurality of processors. 

11. (Currently Amended) A system of delivering security services, comprising: 

a first ring-network hardware platform including a plurality of processors 
within a first processing system connected in a ring configuration; and 

a tunnel formed using a secure connection between the first processing 
system ring-network hardware platform across an internet protocol (IP) 
connection to a second processing system ring-network hardware platform , 
wherein both router services and customized application layer services are 
provided to the second processing system ring-network hardware platform via one 
or more processors of the plurality of processors of the first processing system 
ring-network hardware platform . 

12. (Original) The system of claim 11, wherein, to support a communications 
network, the plurality of processors includes one or more control processors, one or 
more access processors, and one or more processing processors. 

13. (Currently Amended) The system of claim 11, wherein for each of a plurality 
of customers, a virtual router is formed in the first processing system ring-network 
hardware platform and is operably connected to a virtual router formed in the second 
system ring-network hardware platform . 

14. (Currently Amended) The system of claim 11, wherein for each of a plurality 
of customers, a virtual private network is formed using a virtual router formed in the 
first processing system ring-network hardware platform and operably connected to a 
virtual router formed in the second system ring-network hardware platform . 

15. (Original) The system of claim 11, wherein the plurality of processors in the 
ring configuration includes dual counter rotating ring connections, each connecting to 
each of the plurality of processors. 

16. (Currently Amended) The system of claim 11, further compromising:
comprising a services management system that provides changeable provisioning of 
processor capacity among a plurality of customers. 

17. (Currently Amended) The system of claim 11, further comprising[[:]] a 
services management system that provides application layer firewall protection for each 
of a plurality of customers. 

18. (Currently Amended) The system of claim 11, further comprising[[:]] a 
services management system that provides provisioning of processor capacity among a 
plurality of customers, wherein each customer's resources are isolated from those of all 
the other customers. 

19. (New) A method comprising: 

providing a first service processing switch at a first point-of-presence 
(POP) associated with a first site of a first subscriber of a service provider and a 
first site of a second subscriber of the service provider; 

providing a second service processing switch at a second POP associated 
with a second site of the first subscriber and a second site of the second 
subscriber, wherein the first service processing switch and the second service 
processing switch are communicatively coupled via a network; 

logically connecting a plurality of processors of the first service 
processing switch into a packet-passing ring configuration; 

logically connecting a plurality of processors of the second service 
processing switch into a packet-passing ring configuration; 

establishing a first set of virtual routers on the plurality of processors of 
the first service processing switch; 

establishing a second set of virtual routers on the plurality of processors of 
the second service processing switch; 

providing the first subscriber with a first set of customized application 
layer services and the second subscriber with a second set of customized 
application layer services and providing subscriber resource isolation by 
partitioning the first set of virtual routers and the second set of
virtual routers between the first subscriber and the second subscriber 
including (i) allocating and configuring a first partition, comprising a first 
subset of the first set of virtual routers and a first subset of the second set 
of virtual routers, to the first subscriber and (ii) allocating and configuring 
a second partition, comprising a second subset of the first set of virtual 
routers and a second subset of the second set of virtual routers, to the 
second subscriber, 

providing the first subscriber with a first virtual private network 
(VPN) communicatively coupling the first site of the first subscriber with 
the second site of the first subscriber by establishing a first secure tunnel 
through the network between virtual routers of the first partition, and 

providing the second subscriber with a second virtual private 
network (VPN) communicatively coupling the first site of the second 
subscriber with the second site of the second subscriber by establishing a 
second secure tunnel through the network between virtual routers of the 
second partition; and 

providing changeable provisioning of processing capacity between the 
first subscriber and the second subscriber by programmatically dynamically 
reallocating resources of the first service processing switch or the second service 
processing switch between the first partition and the second partition based on 
comparative processing demands of the first set of customized application layer 
services and the second set of customized application layer services. 

20. (New) The method of claim 19, wherein the first set of customized application 
layer services comprises firewall protection. 

21. (New) The method of claim 20, wherein the first set of customized application 
layer services comprises web site hosting. 

22. (New) The method of claim 20, wherein the first set of customized application 
layer services comprises e-mail services. 

23. (New) The method of claim 19, wherein the first secure tunnel and the second
secure tunnel are established by sharing a single secure tunnel between the first 
service processing switch and the second service processing switch. 

24. (New) The method of claim 19, wherein in said providing changeable 
provisioning of processing capacity between the first subscriber and the second 
subscriber is controlled by a services management system of the service 
provider. 

25. (New) The method of claim 19, wherein the plurality of processors of the first 
service processing switch are associated with one or more control blades, one or 
more access blades, and one or more processing blades. 

26. (New) The method of claim 19, wherein packets exchanged between the first 
service processing switch and the second processing switch contain processor 
identifiers (PEIDs) that identify a processor of the plurality of processors of the 
first service processing switch or a processor of the plurality of processors of the 
second service processing switch to which the packets are destined. 

27. (New) The method of claim 26, wherein the packets contain logical queue 
identifiers (LQIDs) that identify a software entity to which the packets are 
destined within the identified processor. 